Wireless LAN Controller Software
Product Information
Efficient Image Upgrade
Specifications
- Feature: Efficient Image Upgrade
- Compatibility: Not recommended for controllers running Cisco
IOS XE Amsterdam 17.3.x with Cisco Catalyst 9124AX and Cisco
Catalyst 9130AX APs in the same group.
Product Usage Instructions
Enable Pre-Download (GUI)
- Go to Configuration > Wireless > Access Points.
- In the Access Points page, expand the All Access Points section
and click the name of the AP to edit.
- In the Edit AP page, click the Advanced tab.
- Under the AP Image Management section, click Predownload.
- Click Update & Apply to Device to enable Pre-Download.
Enable Pre-Download (CLI)
- Enter global configuration mode by using the command: configure terminal.
- Create a wireless profile flex by entering: wireless profile flex flex-profile.
- Enable predownload of the image by using: predownload.
- Exit configuration mode by entering: end.
Configuring a Site Tag (CLI)
- Access global configuration mode with: configure terminal.
- Create a site tag by using: wireless tag site site-name.
- Configure a flex profile by entering: flex-profile flex-profile-name.
- Add a description for the site tag with: description site-tag-name.
- Save and exit configuration mode by using: end.
FAQ
Q: Can I use Efficient Image Upgrade feature on all controller
types?
A: No, it is not recommended to enable this feature on
controllers running Cisco IOS XE Amsterdam 17.3.x when there are
Cisco Catalyst 9124AX and Cisco Catalyst 9130AX APs in the same
group.
Q: How can I attach a policy tag and a site tag to an AP?
A: Follow the procedure given in the user manual under
“Attaching Policy Tag and Site Tag to an AP (CLI)”.
Efficient Image Upgrade
· Efficient Image Upgrade
· Enable Pre-Download (GUI)
· Enable Pre-Download (CLI)
· Configuring a Site Tag (CLI)
· Attaching Policy Tag and Site Tag to an AP (CLI)
· Trigger Predownload to a Site Tag
· Feature History for Out-of-Band AP Image Download
· Information About Out-of-Band AP Image Download
· Restrictions for Out-of-Band AP Image Download
· Download AP Image from Controller Using HTTPS (CLI)
· Download AP Image from Controller Using HTTPS (GUI)
· Verifying Image Upgrade
Efficient Image Upgrade
Efficient Image Upgrade is an efficient way of predownloading the image to the APs. It works similarly to a primary-subordinate model. One AP per model becomes the primary AP and downloads the image from the controller through the WAN link. Once the primary AP has the downloaded image, the subordinate APs start downloading the image from the primary AP. In this way, WAN latency is reduced. Primary AP selection is dynamic and random. A maximum of three subordinate APs per AP model can download the image from the primary AP.
Note: Do not enable this feature on controllers running Cisco IOS XE Amsterdam 17.3.x when there are Cisco Catalyst 9124AX and Cisco Catalyst 9130AX APs in the same group.
Enable Pre-Download (GUI)
Procedure
Step 1 Choose Configuration > Wireless > Access Points.
Step 2 In the Access Points page, expand the All Access Points section and click the name of the AP to edit.
Step 3 In the Edit AP page, click the Advanced tab and from the AP Image Management section, click Predownload.
Step 4 Click Update & Apply to Device.
Enable Pre-Download (CLI)
Procedure
Step 1
Command or Action: configure terminal
Example:
Device# configure terminal
Purpose: Enters the global configuration mode.
Step 2
Command or Action: wireless profile flex flex-profile
Example:
Device(config)# wireless profile flex rr-xyz-flex-profile
Purpose: Configures a flex profile and enters the flex profile configuration mode.
Step 3
Command or Action: predownload
Example:
Device(config-wireless-flex-profile)# predownload
Purpose: Enables predownload of the image.
Step 4
Command or Action: end
Example:
Device(config-wireless-flex-profile)# end
Purpose: Exits the configuration mode and returns to privileged EXEC mode.
Configuring a Site Tag (CLI)
Follow the procedure given below to configure a site tag:
Procedure
Step 1
Command or Action: configure terminal
Example:
Device# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: wireless tag site site-name
Example:
Device(config)# wireless tag site rr-xyz-site
Purpose: Configures a site tag and enters site tag configuration mode.
Step 3
Command or Action: flex-profile flex-profile-name
Example:
Device(config-site-tag)# flex-profile rr-xyz-flex-profile
Purpose: Configures a flex profile.
Note: You cannot remove the flex profile configuration from a site tag if local site is configured on the site tag.
Note: The no local-site command needs to be used to configure the Site Tag as Flexconnect, otherwise the Flex profile config does not take effect.
Step 4
Command or Action: description site-tag-name
Example:
Device(config-site-tag)# description "default site tag"
Purpose: Adds a description for the site tag.
Step 5
Command or Action: end
Example:
Device(config-site-tag)# end
Purpose: Saves the configuration and exits configuration mode and returns to privileged EXEC mode.
Step 6
Command or Action: show wireless tag site summary
Example:
Device# show wireless tag site summary
Purpose: (Optional) Displays the number of site tags.
Note: To view detailed information about a site, use the show wireless tag site detailed site-tag-name command.
Note: The output of the show wireless loadbalance tag affinity wncd wncd-instance-number command displays default tag (site-tag) type, if both site tag and policy tag are not configured.
Attaching Policy Tag and Site Tag to an AP (CLI)
Follow the procedure given below to attach a policy tag and a site tag to an AP:
Procedure
Step 1
Command or Action: configure terminal
Example:
Device# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: ap mac-address
Example:
Device(config)# ap F866.F267.7DFB
Purpose: Configures a Cisco AP and enters AP profile configuration mode.
Note: The mac-address should be a wired mac address.
Step 3
Command or Action: policy-tag policy-tag-name
Example:
Device(config-ap-tag)# policy-tag rr-xyz-policy-tag
Purpose: Maps a policy tag to the AP.
Step 4
Command or Action: site-tag site-tag-name
Example:
Device(config-ap-tag)# site-tag rr-xyz-site
Purpose: Maps a site tag to the AP.
Step 5
Command or Action: rf-tag rf-tag-name
Example:
Device(config-ap-tag)# rf-tag rf-tag1
Purpose: Associates the RF tag.
Step 6
Command or Action: end
Example:
Device(config-ap-tag)# end
Purpose: Saves the configuration, exits configuration mode, and returns to privileged EXEC mode.
Step 7
Command or Action: show ap tag summary
Example:
Device# show ap tag summary
Purpose: (Optional) Displays AP details and the tags associated to it.
Step 8
Command or Action: show ap name <ap-name> tag info
Example:
Device# show ap name ap-name tag info
Purpose: (Optional) Displays the AP name with tag information.
Step 9
Command or Action: show ap name <ap-name> tag detail
Example:
Device# show ap name ap-name tag detail
Purpose: (Optional) Displays the AP name with tag details.
Trigger Predownload to a Site Tag
Follow the procedure given below to trigger image download to the APs:
Procedure
Step 1
Command or Action: enable
Example:
Device> enable
Purpose: Enters the privileged EXEC mode.
Step 2
Command or Action: ap image predownload site-tag site-tag start
Example:
Device# ap image predownload site-tag rr-xyz-site start
Purpose: Instructs the primary APs to start image predownload.
Step 3
Command or Action: show ap master list
Example:
Device# show ap master list
Purpose: Displays the list of primary APs per AP model per site tag.
Step 4
Command or Action: show ap image
Example:
Device# show ap image
Purpose: Displays the predownloading state of primary and subordinate APs.
Note: To check if Flexefficient image upgrade is enabled in the AP, use the show capwap client rcb command on the AP console.
The following sample outputs display the functioning of the Efficient Image Upgrade feature:
The following output displays the primary AP.
Device# show ap master list
AP Name            WTP Mac          AP Model           Site Tag
----------------------------------------------------------------
AP0896.AD9D.3124   f80b.cb20.2460   AIR-AP2802I-D-K9   ST1

The following output shows that the primary AP has started predownloading the image.
Device# show ap image
Total number of APs: 6

AP Name            Primary Image  Backup Image  Predownload Status  Predownload Version  Next Retry Time  Retry Count
---------------------------------------------------------------------------------------------------------------------
APE00E.DA99.687A   16.6.230.37    0.0.0.0       None                0.0.0.0              N/A              0
AP188B.4500.4208   16.6.230.37    8.4.100.0     None                0.0.0.0              N/A              0
AP188B.4500.4480   16.6.230.37    0.0.0.0       None                0.0.0.0              N/A              0
AP188B.4500.5E28   16.6.230.37    16.4.230.35   None                0.0.0.0              N/A              0
AP0896.AD9D.3124   16.6.230.37    8.4.100.0     Predownloading      16.6.230.36          0                0
AP2C33.1185.C4D0   16.6.230.37    8.4.100.0     None                0.0.0.0              N/A              0
The following output shows that the primary AP has completed predownload and the predownload has been initiated in the subordinate AP.
Device# show ap image
Total number of APs: 6

AP Name            Primary Image  Backup Image  Predownload Status  Predownload Version  Next Retry Time  Retry Count
---------------------------------------------------------------------------------------------------------------------
APE00E.DA99.687A   16.6.230.37    0.0.0.0       Initiated           16.6.230.36          N/A              0
AP188B.4500.4208   16.6.230.37    8.4.100.0     None                0.0.0.0              N/A              0
AP188B.4500.4480   16.6.230.37    0.0.0.0       None                0.0.0.0              N/A              0
AP188B.4500.5E28   16.6.230.37    16.4.230.35   None                0.0.0.0              N/A              0
AP0896.AD9D.3124   16.6.230.37    8.4.100.0     Complete            16.6.230.36          0                0
AP2C33.1185.C4D0   16.6.230.37    8.4.100.0     Initiated           16.6.230.36          0                0
The following output shows image status of a particular AP.
Device# show ap name APe4aa.5dd1.99b0 image
AP Name             : APe4aa.5dd1.99b0
Primary Image       : 16.6.230.46
Backup Image        : 3.0.51.0
Predownload Status  : None
Predownload Version : 000.000.000.000
Next Retry Time     : N/A
Retry Count         : 0
The following output shows predownload completion on all APs.
Device# show ap image
Total number of APs: 6
Number of APs
Initiated                : 0
Predownloading           : 0
Completed predownloading : 3
Not Supported            : 0
Failed to Predownload    : 0

AP Name            Primary Image  Backup Image  Predownload Status  Predownload Version  Next Retry Time  Retry Count
---------------------------------------------------------------------------------------------------------------------
APE00E.DA99.687A   16.6.230.37    16.6.230.36   Complete            16.6.230.36          N/A              0
AP188B.4500.4208   16.6.230.37    8.4.100.0     None                0.0.0.0              N/A              0
AP188B.4500.4480   16.6.230.37    0.0.0.0       None                0.0.0.0              N/A              0
AP188B.4500.5E28   16.6.230.37    16.4.230.35   None                0.0.0.0              N/A              0
AP0896.AD9D.3124   16.6.230.37    16.6.230.36   Complete            16.6.230.36          0                0
AP2C33.1185.C4D0   16.6.230.37    16.6.230.36   Complete            16.6.230.36          0                0
Feature History for Out-of-Band AP Image Download
This table provides release and related information for the feature explained in this module. This feature is available in all the releases subsequent to the one in which it is introduced, unless noted otherwise.
Table 1: Feature History for Out-of-Band AP Image Download
Release: Cisco IOS XE Dublin 17.11.1
Feature: Out-of-Band AP Image Download
Feature Information: The AP image upgrade method is enhanced to make the upgrades faster and more flexible.
Information About Out-of-Band AP Image Download
In WLAN deployments, the APs gather their software image and configuration from the controller (in-band) during the join, predownload, and upgrade phases over the CAPWAP control path. This mechanism has limitations in the context of CAPWAP window size, processing of CAPWAP packets, and parallel image downloads. With image upgrade being a significant activity in the lifecycle of APs, upgrades become a time-consuming activity when the deployment size increases, especially for remote deployments, because the image always comes from the controller, irrespective of the deployment types.
To make upgrades faster and more flexible, the AP image upgrade method is enhanced in Cisco IOS XE Dublin 17.11.1 release. An enhanced webserver (nginx) running on the controller helps the AP image downloads to be available out of the CAPWAP path (out of band).
Note
· HTTPS configuration done at the global level applies to all the APs joining the controller.
· When AP image download over an Out-of-Band method fails, the download falls back to the CAPWAP method, as a result of which the APs will not be stranded.
· AP image download over HTTPS may fail if the HTTPS server Trustpoint has a chain of CA certificates.
· Before you downgrade from Cisco IOS XE Dublin 17.11.1 to an earlier version, ensure that the Out-of-Band AP Image Download feature is disabled, as it is not supported in previous releases.
Restrictions for Out-of-Band AP Image Download
This feature is not supported on the following platforms:
· Cisco Embedded Wireless Controller on Catalyst Access Points
· Cisco Embedded Wireless Controller on Catalyst Switches
· Cisco Wave 1 Access Points
Download AP Image from Controller Using HTTPS (CLI)
Before you begin
· HTTPS configuration must be enabled.
· The nginx server must be running on the controller. Use the show platform software yang-management process command to check whether the nginx server is running.
· The custom-configured port must be reachable between the controller and the corresponding AP.
Procedure
Step 1
Command or Action: configure terminal
Example:
Device# configure terminal
Purpose: Enters the global configuration mode.
Step 2
Command or Action: ap upgrade method https
Example:
Device(config)# ap upgrade method https
Purpose: Configures the corresponding AP to download the image over HTTPS from the controller if the AP supports out-of-band AP image download method.
You can check whether the AP supports efficient download method using the show ap config general command.
Use the no form of this command to disable out-of-band AP image download method.
Step 3
Command or Action: ap file-transfer https port port_number
Example:
Device(config)# ap file-transfer https port 8445
Purpose: Configures a custom port for image download from the nginx server running on the controller.
For HTTPS port, the valid values range from 0 to 65535, with a default of 8443. You cannot use port 443 for AP file transfers because it is the default port used for other HTTPS requests. Also, avoid configuring standard and well-known ports because the configuration may fail.
By default, the Efficient AP image download feature uses port 8443 for HTTPS. If the same port is configured for HTTPS access for controller GUI, then GUI access will not work. In such instances, use a port number other than 8443 for controller GUI Access or configure a different port for AP file transfer over HTTPS instead of 8443.
The port 8443 is customizable. A sample config is given below:
Source = wireless controller
Destination = Access Point
Protocol = HTTPS
Destination Port = 8443
Source Port = any
Description = "Out of Band AP Image Download"
Step 4
Command or Action: end
Example:
Device(config)# end
Purpose: Returns to privileged EXEC mode.
Download AP Image from Controller Using HTTPS (GUI)
Procedure
Step 1 Choose Configuration > Wireless > Wireless Global.
Step 2 In the AP Image Upgrade section, enable the HTTPS Method to allow image download on APs from the controller, over HTTPS. This out-of-band file transfer is an efficient method for AP image upgrade.
Note: The AP should support out-of-band image download. You can verify this in the Configuration > Wireless > Access Points window. Select the AP, and in the Edit AP > Advanced tab, view the details of the support in the AP Image Management section.
Step 3 Enter the HTTPS Port to designate AP file transfers on that port. Valid values range from 0 to 65535, with the default being 8443. Note that you cannot use port 443 for AP file transfers because that is the default port for other HTTPS requests.
By default, the Efficient AP image download feature uses port 8443 for HTTPS. If the same port is configured for HTTPS access for controller GUI, then GUI access will not work. In such instances, use a port number other than 8443 for controller GUI Access or configure a different port for AP file transfer over HTTPS instead of 8443.
Step 4 Click Apply to Device to save the configuration.
Verifying Image Upgrade
To check whether an AP supports efficient download method, use the following command:
Device# show ap config general
Cisco AP Name : AP002C.C862.E880
=================================================
Cisco AP Identifier                  : 002c.c88b.0300
Country Code                         : Multiple Countries : IN,US
Regulatory Domain Allowed by Country : 802.11bg:-A 802.11a:-ABDN
AP Country Code                      : US - United States
AP Regulatory Domain
  802.11bg                           : -A
AP Upgrade Out-Of-Band Capability    : Enabled
AP statistics                        : Disabled
To view the AP image download statistics, use the following command. Use the show ap image command to see the detailed output.
Device# show ap image summary
Total number of APs : 1
Number of APs
Initiated                : 0
Downloading              : 0
Predownloading           : 0
Completed downloading    : 0
Completed predownloading : 0
Not Supported            : 0
Failed to Predownload    : 0
Predownload in progress  : No
To view the method used to download the AP image, use the following command:
Device# show wireless stats ap image-download
AP image download info for last attempt
AP Name   Count  ImageSize  StartTime          EndTime            Diff(secs)  Predownload  Aborted  Method
-----------------------------------------------------------------------------------------------------------
mysore1   1      40509440   08/23/21 22:17:59  08/23/21 22:19:06  67          No           No       CAPWAP
To view the method used to download the AP image, use the following command:
Device# show ap upgrade method
AP upgrade method HTTPS : Disabled
To view the port used for the AP image transfer, use the following command:
Device# show ap file-transfer https summary
Configured port  : 8443
Operational port : 8443
!If different ports are shown under 'Configured port' and 'Operational port',
!that means custom port configuration has failed and is continuing with the previous port.
!The failure reason could be the input port, which is a well-known port and already in use.
To view whether an AP supports image download over HTTPS, use the following command:
Device# show ap name AP2800 config general | sec Upgrade
AP Upgrade Out-Of-Band Capability : Enabled
To view the detailed output of an AP's pre-image, use the following command:
Device# show ap image
Total number of APs : 2
Number of APs
Initiated                : 0
Downloading              : 0
Predownloading           : 0
Completed downloading    : 2
Completed predownloading : 0
Not Supported            : 0
Failed to Predownload    : 0
Predownload in progress  : No

AP Name    Primary Image  Backup Image  Predownload Status  Predownload Version  Next Retry Time  Retry Count  Method
---------------------------------------------------------------------------------------------------------------------
AP_3800_1  17.11.0.69     17.11.0.71    None                0.0.0.0              N/A              0            HTTPS
AP2800     17.11.0.69     17.11.0.71    None                0.0.0.0              N/A              0            HTTPS
!The 'method' column indicates the download method used by the AP.
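The verification commands above can be checked by script after an upgrade window. The following Python code is an added example, not part of the Cisco guide: it parses show ap image rows and the show ap file-transfer https summary output, then flags APs that fell back to CAPWAP, run an unexpected primary image, or depend on a custom port that was not applied. The sample text, the AP name AP_LAB_1, the expected-version argument and the gui_https_port parameter are assumptions made for illustration.

```python
import re

# Constructed sample input, modelled on the page's 17.11 `show ap image` output,
# one row per AP as the CLI prints it. AP_LAB_1 is a hypothetical AP added to
# show a CAPWAP fallback and a stale primary image.
SHOW_AP_IMAGE = """\
AP Name    Primary Image  Backup Image  Predownload Status  Predownload Version  Next Retry Time  Retry Count  Method
---------------------------------------------------------------------------------------------------------------------
AP_3800_1  17.11.0.69     17.11.0.71    None                0.0.0.0              N/A              0            HTTPS
AP2800     17.11.0.69     17.11.0.71    None                0.0.0.0              N/A              0            HTTPS
AP_LAB_1   17.11.0.60     17.11.0.69    None                0.0.0.0              N/A              2            CAPWAP
"""
# Constructed `show ap file-transfer https summary` output with a failed custom port.
SHOW_PORT = "Configured port  : 8445\nOperational port : 8443\n"

VER = r"\d+(?:\.\d+){3}"
ROW = re.compile(
    rf"^(?P<name>\S+)\s+(?P<primary>{VER})\s+(?P<backup>{VER})\s+(?P<status>.+?)\s+"
    rf"(?P<pre_ver>{VER})\s+(?P<retry_time>\S+)\s+(?P<retries>\d+)(?:\s+(?P<method>\S+))?\s*$"
)

def parse_ap_image(text):
    """Return one dict per AP row; header, separator and summary lines do not match."""
    return [m.groupdict() for m in map(ROW.match, text.splitlines()) if m]

def audit_aps(rows, expected_primary, expected_method="HTTPS"):
    """Flag APs on an unexpected image, on a fallback download method, or retrying."""
    findings = []
    for r in rows:
        if r["primary"] != expected_primary:
            findings.append((r["name"], f"primary image {r['primary']} != {expected_primary}"))
        if r["method"] and r["method"] != expected_method:
            findings.append((r["name"], f"downloaded over {r['method']}, not {expected_method}"))
        if int(r["retries"]) > 0:
            findings.append((r["name"], f"{r['retries']} download retries"))
    return findings

def audit_port(text, gui_https_port=443):
    """Compare configured and operational ports; gui_https_port is an assumed input."""
    ports = dict(re.findall(r"^(Configured|Operational) port\s*:\s*(\d+)", text, re.M))
    cfg, oper = int(ports["Configured"]), int(ports["Operational"])
    findings = []
    if cfg != oper:
        findings.append(f"custom port {cfg} not applied, still serving on {oper}")
    if oper == gui_https_port:
        findings.append(f"AP file transfer shares port {oper} with controller GUI HTTPS")
    return findings

if __name__ == "__main__":
    for name, issue in audit_aps(parse_ap_image(SHOW_AP_IMAGE), "17.11.0.69"):
        print(f"{name}: {issue}")
    for issue in audit_port(SHOW_PORT):
        print(f"port: {issue}")
```

Rows from releases without the Method column (as in the 16.6 samples earlier on this page) still parse; their method field is None and the method check is skipped.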